package org.keycloak.services.resources.admin;

import com.fasterxml.jackson.annotation.JsonProperty;
import jakarta.ws.rs.ForbiddenException;
import jakarta.ws.rs.GET;
import jakarta.ws.rs.NotAuthorizedException;
import jakarta.ws.rs.NotFoundException;
import jakarta.ws.rs.OPTIONS;
import jakarta.ws.rs.Path;
import jakarta.ws.rs.Produces;
import jakarta.ws.rs.QueryParam;
import jakarta.ws.rs.core.Response;
import jakarta.ws.rs.core.UriInfo;
import java.io.IOException;
import java.io.InputStream;
import java.net.URI;
import java.util.HashMap;
import java.util.Locale;
import java.util.Map;
import java.util.Objects;
import java.util.Properties;
import java.util.Set;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.jboss.logging.Logger;
import org.jboss.resteasy.reactive.NoCache;
import org.keycloak.Config;
import org.keycloak.common.ClientConnection;
import org.keycloak.common.Profile;
import org.keycloak.common.Version;
import org.keycloak.common.util.Environment;
import org.keycloak.common.util.SecureContextResolver;
import org.keycloak.common.util.UriUtils;
import org.keycloak.headers.SecurityHeadersProvider;
import org.keycloak.http.HttpRequest;
import org.keycloak.http.HttpResponse;
import org.keycloak.models.AdminRoles;
import org.keycloak.models.ClientModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.KeycloakUriInfo;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RoleModel;
import org.keycloak.models.UserModel;
import org.keycloak.protocol.oid4vc.issuance.mappers.OID4VCTargetRoleMapper;
import org.keycloak.protocol.oidc.OIDCLoginProtocol;
import org.keycloak.protocol.oidc.OIDCLoginProtocolFactory;
import org.keycloak.protocol.oidc.OIDCLoginProtocolService;
import org.keycloak.services.Urls;
import org.keycloak.services.cors.Cors;
import org.keycloak.services.managers.AppAuthManager;
import org.keycloak.services.managers.AuthenticationManager;
import org.keycloak.services.managers.ClientManager;
import org.keycloak.services.managers.RealmManager;
import org.keycloak.services.util.Chunk;
import org.keycloak.services.util.ViteManifest;
import org.keycloak.theme.FreeMarkerException;
import org.keycloak.theme.Theme;
import org.keycloak.theme.freemarker.FreeMarkerProvider;
import org.keycloak.urls.UrlType;
import org.keycloak.utils.MediaType;

/* loaded from: input_file:org/keycloak/services/resources/admin/AdminConsole.class */
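/**
 * JAX-RS resource backing the admin console of the realm held by the current
 * {@link KeycloakSession}. It serves the console's single-page application
 * (the theme's {@code index.ftl}), the client configuration the SPA boots
 * with, its localized messages, the logout redirect, and the {@code whoami}
 * endpoint that tells the console which realms the caller may administer.
 *
 * <p>Only {@link #whoAmI(String)} authenticates the caller itself (bearer
 * token); the page and config endpoints are public bootstrap resources.
 */
public class AdminConsole {

    /** Client id of the built-in admin console client. */
    private static final String ADMIN_CONSOLE_CLIENT_ID = "security-admin-console";
    /** Client attribute that marks a custom client as an admin console client. */
    private static final String ADMIN_CONSOLE_CLIENT_ATTRIBUTE = "security.admin.console";
    /** User attribute set on the bootstrap (temporary) admin account. */
    private static final String TEMPORARY_ADMIN_ATTRIBUTE = "is_temporary_admin";

    protected static final Logger logger = Logger.getLogger(AdminConsole.class);
    protected final ClientConnection clientConnection;
    protected final HttpRequest request;
    protected final HttpResponse response;
    protected final KeycloakSession session;
    protected final RealmModel realm;

    /**
     * JSON payload of the {@code whoami} endpoint: who the caller is and, per
     * realm name, the admin role names granted to them.
     */
    public static class WhoAmI {
        protected String userId;
        protected String realm;
        protected String displayName;
        protected Locale locale;
        protected boolean isTemporary;

        @JsonProperty("createRealm")
        protected boolean createRealm;

        /** Realm name to the set of admin role names the user holds there. */
        @JsonProperty("realm_access")
        protected Map<String, Set<String>> realmAccess = new HashMap<>();

        public WhoAmI() {
        }

        public WhoAmI(String userId, String realm, String displayName, boolean createRealm,
                      Map<String, Set<String>> realmAccess, Locale locale, boolean isTemporary) {
            this.userId = userId;
            this.realm = realm;
            this.displayName = displayName;
            this.createRealm = createRealm;
            this.realmAccess = realmAccess;
            this.locale = locale;
            this.isTemporary = isTemporary;
        }

        public String getUserId() {
            return userId;
        }

        public void setUserId(String userId) {
            this.userId = userId;
        }

        public String getRealm() {
            return realm;
        }

        public void setRealm(String realm) {
            this.realm = realm;
        }

        public String getDisplayName() {
            return displayName;
        }

        public void setDisplayName(String displayName) {
            this.displayName = displayName;
        }

        public boolean isCreateRealm() {
            return createRealm;
        }

        public void setCreateRealm(boolean createRealm) {
            this.createRealm = createRealm;
        }

        public Map<String, Set<String>> getRealmAccess() {
            return realmAccess;
        }

        public void setRealmAccess(Map<String, Set<String>> realmAccess) {
            this.realmAccess = realmAccess;
        }

        public Locale getLocale() {
            return locale;
        }

        public void setLocale(Locale locale) {
            this.locale = locale;
        }

        /**
         * The locale as a BCP 47 language tag, which is how it is serialized.
         *
         * @return the language tag, or {@code null} when no locale is set
         */
        @JsonProperty(OIDCLoginProtocolFactory.LOCALE)
        public String getLocaleLanguageTag() {
            return locale == null ? null : locale.toLanguageTag();
        }

        public boolean isTemporary() {
            return isTemporary;
        }

        public void setTemporary(boolean temporary) {
            this.isTemporary = temporary;
        }
    }

    /**
     * Creates the resource for the realm, connection and request/response
     * found in the session's context.
     *
     * @param keycloakSession the current session; its context supplies the realm
     */
    public AdminConsole(KeycloakSession keycloakSession) {
        this.session = keycloakSession;
        this.realm = keycloakSession.getContext().getRealm();
        this.clientConnection = keycloakSession.getContext().getConnection();
        this.request = keycloakSession.getContext().getHttpRequest();
        this.response = keycloakSession.getContext().getHttpResponse();
    }

    /**
     * Returns the installation (adapter) configuration of the built-in admin
     * console client, which the SPA uses to initialize its OIDC client.
     *
     * @return the adapter configuration of the {@code security-admin-console} client
     * @throws NotFoundException if the realm has no such client
     */
    @Produces({MediaType.APPLICATION_JSON})
    @NoCache
    @Path("config")
    @GET
    public ClientManager.InstallationAdapterConfig config() {
        ClientModel consoleClient = realm.getClientByClientId(ADMIN_CONSOLE_CLIENT_ID);
        if (consoleClient == null) {
            throw new NotFoundException("Could not find admin console client");
        }
        URI baseUri = session.getContext().getUri().getBaseUri();
        return new ClientManager(new RealmManager(session)).toInstallationRepresentation(realm, consoleClient, baseUri);
    }

    /** CORS preflight for {@code whoami}. */
    @Path("whoami")
    @OPTIONS
    public Response whoAmIPreFlight() {
        return new AdminCorsPreflightService().preflight();
    }

    /**
     * Describes the authenticated caller and the admin roles they hold.
     *
     * <p>The bearer token must have been issued for the admin console (see
     * {@link #requireIssuedForAdminConsole(String)}). A user of the
     * administration (master) realm gets their access computed against the
     * realm named by {@code currentRealm} (defaulting to this realm); any other
     * user gets their access within this realm only. CORS is restricted to the
     * origins carried by the token.
     *
     * @param currentRealm optional realm name a master-realm user is currently looking at
     * @return the {@link WhoAmI} payload as JSON
     * @throws NotFoundException      if the admin API feature is disabled, the
     *                                administration realm is missing, or
     *                                {@code currentRealm} does not exist
     * @throws NotAuthorizedException if no valid bearer token is presented
     * @throws ForbiddenException     if the token was not issued for an admin
     *                                console client or the user has no admin roles
     */
    @Produces({MediaType.APPLICATION_JSON})
    @NoCache
    @Path("whoami")
    @GET
    public Response whoAmI(@QueryParam("currentRealm") String currentRealm) {
        if (!Profile.isFeatureEnabled(Profile.Feature.ADMIN_API)) {
            throw new NotFoundException();
        }
        RealmManager realmManager = new RealmManager(session);
        AuthenticationManager.AuthResult authResult = new AppAuthManager.BearerTokenAuthenticator(session)
                .setRealm(realm)
                .setConnection(clientConnection)
                .setHeaders(session.getContext().getRequestHeaders())
                .authenticate();
        if (authResult == null) {
            throw new NotAuthorizedException("Bearer");
        }
        requireIssuedForAdminConsole(authResult.getToken().getIssuedFor());

        UserModel user = authResult.getUser();
        String displayName = displayNameOf(user);

        RealmModel administrationRealm = getAdminstrationRealm(realmManager);
        if (administrationRealm == null) {
            throw new NotFoundException("No realm found");
        }
        Map<String, Set<String>> realmAccess = new HashMap<>();
        boolean createRealm = false;
        if (realm.equals(administrationRealm)) {
            logger.debug("setting up realm access for a master realm user");
            RoleModel createRealmRole = administrationRealm.getRole(AdminRoles.CREATE_REALM);
            if (createRealmRole != null) {
                createRealm = user.hasRole(createRealmRole);
            }
            addMasterRealmAccess(user, currentRealm != null ? currentRealm : realm.getName(), realmAccess);
        } else {
            logger.debug("setting up realm access for a realm user");
            addRealmAccess(realm, user, realmAccess);
        }
        // Exactly one realm entry is added above; a user holding no admin role there is not an admin.
        if (realmAccess.isEmpty() || realmAccess.values().stream().allMatch(Set::isEmpty)) {
            throw new ForbiddenException("No realm access");
        }
        WhoAmI whoAmI = new WhoAmI(user.getId(), realm.getName(), displayName, createRealm, realmAccess,
                session.getContext().resolveLocale(user),
                Boolean.parseBoolean(user.getFirstAttribute(TEMPORARY_ADMIN_ATTRIBUTE)));
        return Cors.builder()
                .allowedOrigins(authResult.getToken())
                .allowedMethods("GET")
                .auth()
                .add(Response.ok(whoAmI));
    }

    /**
     * Ensures the token's {@code azp} claim names an admin console client: either
     * the built-in one, or a client of this realm whose
     * {@code security.admin.console} attribute is {@code true}. Tokens issued for
     * any other application must not be accepted here, even if they are valid.
     *
     * @param issuedFor the token's {@code azp} claim, possibly {@code null}
     * @throws ForbiddenException if the claim is absent or names another client
     */
    private void requireIssuedForAdminConsole(String issuedFor) {
        if (ADMIN_CONSOLE_CLIENT_ID.equals(issuedFor)) {
            return;
        }
        if (issuedFor == null) {
            throw new ForbiddenException("No azp claim in the token");
        }
        ClientModel client = session.clients().getClientByClientId(realm, issuedFor);
        if (client == null || !Boolean.parseBoolean(client.getAttribute(ADMIN_CONSOLE_CLIENT_ATTRIBUTE))) {
            throw new ForbiddenException("Token issued for an application that is not the admin console: " + issuedFor);
        }
    }

    /**
     * Builds the name shown in the console: "first last" when either name is
     * set (whichever part is missing is omitted), otherwise the username.
     */
    private static String displayNameOf(UserModel user) {
        String firstName = user.getFirstName();
        String lastName = user.getLastName();
        if (isBlank(firstName) && isBlank(lastName)) {
            return user.getUsername();
        }
        if (lastName == null) {
            return firstName;
        }
        return firstName != null ? firstName + " " + lastName : lastName;
    }

    private static boolean isBlank(String value) {
        return value == null || value.trim().isEmpty();
    }

    /** Records the roles of the realm's own admin client ({@code realm-management}-style) held by the user. */
    private void addRealmAccess(RealmModel targetRealm, UserModel user, Map<String, Set<String>> realmAccess) {
        String adminClientId = new RealmManager(session).getRealmAdminClientId(targetRealm);
        getRealmAdminAccess(targetRealm, targetRealm.getClientByClientId(adminClientId), user, realmAccess);
    }

    /**
     * Records the roles the master-realm user holds on the master admin client
     * of the named realm.
     *
     * @throws NotFoundException if no realm of that name exists; the name may come
     *                           straight from the {@code currentRealm} query parameter
     */
    private void addMasterRealmAccess(UserModel user, String targetRealmName, Map<String, Set<String>> realmAccess) {
        RealmModel targetRealm = session.realms().getRealmByName(targetRealmName);
        if (targetRealm == null) {
            throw new NotFoundException("Realm not found");
        }
        getRealmAdminAccess(targetRealm, targetRealm.getMasterAdminClient(), user, realmAccess);
    }

    /**
     * Puts, under the realm's name, the names of the admin client's roles that
     * the user effectively has ({@link UserModel#hasRole(RoleModel)}).
     */
    private void getRealmAdminAccess(RealmModel targetRealm, ClientModel adminClient, UserModel user,
                                     Map<String, Set<String>> realmAccess) {
        Set<String> grantedRoles = adminClient.getRolesStream()
                .filter(user::hasRole)
                .map(RoleModel::getName)
                .collect(Collectors.toSet());
        realmAccess.put(targetRealm.getName(), grantedRoles);
    }

    /**
     * Redirects to the realm's OIDC logout endpoint, asking it to return to the
     * admin console afterwards.
     */
    @NoCache
    @Path("logout")
    @GET
    public Response logout() {
        UriInfo adminUri = session.getContext().getUri(UrlType.ADMIN);
        String postLogoutRedirect = AdminRoot.adminConsoleUrl(adminUri).build(realm.getName()).toString();
        URI logoutUri = OIDCLoginProtocolService.logoutUrl(adminUri)
                .queryParam(OIDCLoginProtocol.POST_LOGOUT_REDIRECT_URI_PARAM, postLogoutRedirect)
                .build(realm.getName());
        return Response.status(302).location(logoutUri).build();
    }

    /**
     * The realm whose users administer the whole server (the master realm).
     * Overridable hook; defaults to {@link RealmManager#getKeycloakAdminstrationRealm()}.
     */
    protected RealmModel getAdminstrationRealm(RealmManager realmManager) {
        return realmManager.getKeycloakAdminstrationRealm();
    }

    /**
     * Renders the console's {@code index.html} from the theme's {@code index.ftl}.
     *
     * <p>Requests without a trailing slash are redirected to the directory form
     * so the page's relative asset URLs resolve. In dev mode, when the
     * {@link ViteManifest#ADMIN_VITE_URL} environment variable is set, assets
     * are served from that dev server; otherwise the entry chunk is read from
     * the theme's Vite manifest. When the admin and frontend base URLs differ,
     * the frontend origin is allowed as a frame source.
     *
     * @return the rendered page, or a 302 to the trailing-slash URL
     * @throws IOException         if the theme or its manifest cannot be read
     * @throws FreeMarkerException if the template fails to render
     */
    @NoCache
    @GET
    public Response getMainPage() throws IOException, FreeMarkerException {
        KeycloakUriInfo frontendUri = session.getContext().getUri(UrlType.FRONTEND);
        KeycloakUriInfo adminUri = session.getContext().getUri(UrlType.ADMIN);
        if (!adminUri.getRequestUri().getPath().endsWith("/")) {
            return Response.status(302).location(adminUri.getRequestUriBuilder().path("/").build()).build();
        }
        URI frontendBase = frontendUri.getBaseUri();
        URI adminBase = adminUri.getBaseUri();
        String serverBaseUrl = frontendBase.toString().replaceFirst("/+$", "");
        String adminBaseUrl = adminBase.toString().replaceFirst("/+$", "");

        Theme theme = AdminRoot.getTheme(session, realm);
        Map<String, Object> model = new HashMap<>();
        model.put("isSecureContext", SecureContextResolver.isSecureContext(adminBase));
        model.put("serverBaseUrl", serverBaseUrl);
        model.put("adminBaseUrl", adminBaseUrl);
        model.put("authServerUrl", serverBaseUrl);
        model.put("authUrl", adminBaseUrl);
        model.put("consoleBaseUrl", Urls.adminConsoleRoot(adminBase, realm.getName()).getPath());
        model.put("resourceUrl", Urls.themeRoot(adminBase).getPath() + "/admin/" + theme.getName());
        model.put("resourceCommonUrl", Urls.themeRoot(adminBase).getPath() + "/common/keycloak");
        model.put("masterRealm", Config.getAdminRealm());
        model.put("resourceVersion", Version.RESOURCES_VERSION);
        model.put("loginRealm", realm.getName());
        model.put(OID4VCTargetRoleMapper.CLIENT_CONFIG_KEY, ADMIN_CONSOLE_CLIENT_ID);
        model.put("properties", theme.getProperties());

        // The dev server is only honoured in dev mode; a production server never loads assets from the environment.
        String devServerUrl = Environment.isDevMode() ? System.getenv(ViteManifest.ADMIN_VITE_URL) : null;
        if (devServerUrl != null) {
            model.put("devServerUrl", devServerUrl);
        } else {
            // Production build: the manifest stream must be closed, so it is only opened when it is needed.
            try (InputStream manifest = theme.getResourceAsStream(ViteManifest.MANIFEST_FILE_PATH)) {
                if (manifest != null) {
                    Chunk entryChunk = ViteManifest.parseFromInputStream(manifest).getEntryChunk();
                    model.put("entryStyles", entryChunk.css().orElse(new String[0]));
                    model.put("entryScript", entryChunk.file());
                    model.put("entryImports", entryChunk.imports().orElse(new String[0]));
                }
            }
        }

        FreeMarkerProvider freeMarker = session.getProvider(FreeMarkerProvider.class);
        Response.ResponseBuilder page = Response.status(Response.Status.OK)
                .type(MediaType.TEXT_HTML_UTF_8)
                .language(Locale.ENGLISH)
                .entity(freeMarker.processTemplate(model, "index.ftl", theme));
        if (!adminBase.equals(frontendBase)) {
            session.getProvider(SecurityHeadersProvider.class).options().allowFrameSrc(UriUtils.getOrigin(frontendBase));
        }
        return page.build();
    }

    /** Redirects {@code index.html} to the console root so the page is served from one canonical URL. */
    @GET
    @Path("{indexhtml: index.html}")
    public Response getIndexHtmlRedirect() {
        URI consoleRoot = session.getContext().getUri(UrlType.ADMIN).getRequestUriBuilder().path("../").build();
        return Response.status(302).location(consoleRoot).build();
    }

    /**
     * Returns the console's localized message bundle.
     *
     * @param lang requested language, resolved by {@link AdminRoot#getMessages}
     */
    @Produces({MediaType.APPLICATION_JSON})
    @GET
    @Path("messages.json")
    public Properties getMessages(@QueryParam("lang") String lang) {
        return AdminRoot.getMessages(session, realm, lang, "admin-messages");
    }
}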
